Many companies will not see the benefits of their zero-trust efforts in the coming years, while legislation on paying ransomware gangs will expand and attacks on operational technology may have real-life consequences, according to a set of cybersecurity predictions.
The list comes from technology analyst Gartner, which said business leaders should incorporate these strategic planning assumptions into their security strategies for the next two years.
“We can’t fall back into old habits and try to treat everything the same way we have in the past,” said Gartner Senior Analyst Director Richard Addiscott. “Most security and risk leaders now recognize that a major disruption is just a crisis away. We can’t control it, but we can evolve our thinking, our philosophy, our program and our architecture.”
- Consumer privacy rights will be expanded
Privacy regulation continues to expand, and the tech analyst predicts it will stretch to cover five billion people and more than 70% of global GDP. It said organizations should track subject rights request metrics, including cost per request and fulfillment time, to identify inefficiencies and justify accelerated automation.
- By 2025, 80% of companies will adopt a strategy to unify the web, cloud services and access to private applications
Gartner said that with the rise of hybrid working, providers are offering integrated security service edge services across cloud and web application security. The benefit here is tighter integration, fewer consoles to use, and fewer locations where data needs to be decrypted, inspected, and re-encrypted.
- Many organizations will adopt zero trust but fail to realize the benefits.
The tech analyst predicts that by 2025, 60% of organizations will attempt to adopt zero-trust security, a concept that assumes there is no traditional “edge” in the corporate network, so all devices and users must re-authenticate periodically. But it said that more than half will not realize the benefits.
Replacing implicit trust with identity- and context-based, risk-appropriate trust is extremely powerful, Gartner said, but it requires cultural change and clear communication linking it to business outcomes to realize the benefits. And not every company that tries will succeed.
- Cybersecurity will be key in choosing business partners.
Gartner predicts that by 2025, 60% of organizations will use cybersecurity risk as a “primary determinant” in conducting third-party transactions and business engagements. Only 23% of organizations monitor third parties in real time for cybersecurity exposure, according to Gartner data. But as a result of pressure from customers and regulators, it believes organizations will begin to insist on measuring cybersecurity risk, from simple monitoring of a critical technology vendor to complex due diligence for mergers and acquisitions.
- Ransomware payment legislation will increase
Right now, there is little legislation on when companies can, and cannot, pay ransomware demands. That could be about to change; Gartner predicts that one in three countries will introduce such laws soon. The decision to pay the ransom or not is a business decision, not a security one. Gartner recommends engaging a professional incident response team, as well as the police and any regulatory bodies, before negotiating.
- Hackers will weaponize operational technology environments to inflict human casualties.
Attacks on OT (hardware and software that monitor or control equipment, assets and processes and are often the brains behind industrial systems in factories or power grids) have become more common and disruptive, Gartner said, warning that by 2025, threat actors will have “weaponized” operational technology environments to inflict human casualties. “In operational environments, security and risk management leaders should be more concerned with real-world dangers to humans and the environment, rather than information theft,” according to the analyst firm.
- Resilience will be more than just cybersecurity
By 2025, 70% of CEOs will drive a culture of organizational resilience to deal with cybercrime threats, but also severe weather events, civil unrest and political instabilities, Gartner said. “As the disruption is likely to continue, Gartner recommends that risk leaders recognize organizational resiliency as a strategic imperative.”
- Cybersecurity will matter for the CEO bonus
By 2026, 50% of C-level executives will have risk-related performance requirements built into their employment contracts, Gartner said. With boards now increasingly viewing cyber security as a business risk rather than just a technical issue, responsibility for cyber risk will shift from the security leader to senior business leaders, it said.